Quit NTLM authenticate() on missing NTLM authorization header (#2216)

Previously, various null-pointer dereferences, UAFs, and so on occurred.

Author: MegaManSec

src/auth/ntlm/UserRequest.cc

@@ -186,20 +186,23 @@ Auth::Ntlm::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * co
     /* get header */
     const char *proxy_auth = aRequest->header.getStr(type);
 
+    /* if proxy_auth is actually NULL, we'd better not manipulate it. */
+    if (!proxy_auth) {
+        debugs(29, 4, "WARNING: NTLM Authentication missing authorization header");
+        return;
+    }
+
     /* locate second word */
     const char *blob = proxy_auth;
 
-    /* if proxy_auth is actually NULL, we'd better not manipulate it. */
-    if (blob) {
-        while (xisspace(*blob) && *blob)
-            ++blob;
+    while (xisspace(*blob) && *blob)
+        ++blob;
 
-        while (!xisspace(*blob) && *blob)
-            ++blob;
+    while (!xisspace(*blob) && *blob)
+        ++blob;
 
-        while (xisspace(*blob) && *blob)
-            ++blob;
-    }
+    while (xisspace(*blob) && *blob)
+        ++blob;
 
     switch (user()->credentials()) {